LinuxQuestions.org
Old 09-25-2006, 08:10 AM   #1
PhillipHuang
Member
 
Registered: Aug 2006
Location: Shen Zhen
Distribution: Ubuntu 10.04
Posts: 198

Rep: Reputation: 33
vsftpd using Ldap+pam authentication issue


Hi, all

Maybe my words will be a little long, so please be patient. Thanks.

I want to use ldap+pam to authenticate the http and vsftpd services. The LDAP server (192.168.123.33) is OpenLDAP on the common port 389.

The server (192.168.123.68) that supplies http and vsftpd has CentOS 4.3 (final) installed, and I configured the following files:

# grep -v "#" /etc/ldap.conf
base dc=plasmon,dc=sit
uri ldap://192.168.123.33:389
binddn cn=root,dc=plasmon,dc=sit
bindpw phillip
bind_timelimit 300
idle_timelimit 300
timelimit 300
ssl off

# cat /etc/pam.d/login
auth sufficient pam_ldap.so
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

Here, I could control the http service with LDAP authentication as well. I configured "vsftpd" as follows:

# cat /etc/pam.d/vsftpd
auth sufficient pam_ldap.so
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_shells.so
account sufficient pam_ldap.so
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so

Then, on a 3rd machine named "192.168.123.32", I log in to this ftp server:
# ftp 192.168.123.32
It always gives these error messages:
530 Login incorrect.
Login failed.

I've tried many ways to modify this "vsftpd" file, but failed.
Finally, I copied the "login" file to "vsftpd" without any changes, as you can see:

# cat /etc/pam.d/vsftpd
auth sufficient pam_ldap.so
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

and then tried to log on to the ftp server again. To my surprise, the LDAP users could be authenticated and log on successfully.
Although I am confused, I modified "vsftpd" again, deleting the two lines that contain "pam_ldap.so":


# cat /etc/pam.d/vsftpd
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so


I tried to log on to ftp again. The result is so amazing: the LDAP user could still log on to the ftp.

Does pam_ldap.so not work? How could it work with the vsftpd authentication process? Why is my last test still able to log in to ftp even without pam_ldap.so?

By the way, every time after modifying "vsftpd", I restarted the "vsftpd" service to make sure the modification took effect.

Please help me. Any suggestion is appreciated.

Thanks and regards,
Phillip
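
To check which modules a service's PAM stack actually reaches, including any pulled in through "pam_stack.so service=system-auth", this added example (not part of the original post) flattens the stack for one management group. The "vsftpd" text is the last version quoted above; the "system-auth" contents are a constructed assumption, not the poster's file, and effective_stack, reaches and SAMPLE_PAM_D are hypothetical names.

```python
import os
import re

# Constructed sample: "vsftpd" is the last version quoted in the post;
# "system-auth" is an ASSUMED example, not the poster's real file.
SAMPLE_PAM_D = {
    "vsftpd": """#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
""",
    "system-auth": """#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so
""",
}

# type, control (plain word or [bracketed]), module path, arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def effective_stack(service, files, group, seen=frozenset()):
    """List (module, control, defining_file) reached for one management
    group, following pam_stack.so service=X and include/substack X."""
    if service in seen or service not in files:  # loop or missing file
        return []
    rules = []
    for raw in files[service].splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != group:
            continue
        control, module, args = m.group(2), os.path.basename(m.group(3)), m.group(4)
        target = module if control in ("include", "substack") else None
        if module == "pam_stack.so":
            ref = re.search(r"\bservice=(\S+)", args)
            target = ref.group(1) if ref else None
        if target:
            rules += effective_stack(target, files, group, seen | {service})
        else:
            rules.append((module, control, service))
    return rules

def reaches(service, files, group, module):
    """Files through which `module` is reached for `service`."""
    return [src for mod, _, src in effective_stack(service, files, group) if mod == module]
```

On a real host, build the dictionary from the files under /etc/pam.d; the result lists the modules reached, not how their control flags combine.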
 
Old 09-26-2006, 10:43 PM   #2
PhillipHuang
Member
 
Registered: Aug 2006
Location: Shen Zhen
Distribution: Ubuntu 10.04
Posts: 198

Original Poster
Rep: Reputation: 33
Fixed this issue by myself.
I compiled the latest source code of "pam_ldap" and used the resulting "pam_ldap.so" to replace the old one located in "/lib/security"; everything is OK now.

The old "pam_ldap.so" was created from rpm packages, so I suggest you use the tarball for pam_ldap.
 
  


All times are GMT -5.
